Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 06-20-2009, 01:42 AM   #1
Ecchi22
Too lazy to set a custom title
 
Ecchi22's Avatar
 
Industry Role:
Join Date: Nov 2005
Posts: 10,012
:mad IFrame Virus/Trojan experiences & question.. Please share yours

Few months ago, I had to deal with this problem..

Some weird piece of code affected almost all my sites on a shared hosting, but it happened on my dedicated too.

Somehow it injects code in .html and .php pages, usually ones with "index" and "home" names. Some antiviruses detects them, some aren't, but google stamps "warning" at your site which, you have to admit is pretty bad and decreases the traffic a lot (in my case, 6 times less traffic).

I tried to clean this code and update almost every CMS software I had on my host, but the problem was still occurring.
Contacted hosting support too, and they told me to change all my passwords (cpanel & ftp accounts). I've done that and everything seemed to be fine. Forgot to mention that I spent lots of time using google webmasters tools to request review after the cleanup.

Yesterday, I noticed this code being injected again. I cleaned it up, but I'm getting a bit worried now, so I'd like to stop it once forever (ok, at least for some time).

In order to isolate my side in this problem, I worked 2 months on newly installed linux machine with all new passwords for host, but some sites still got infected.

What's your experience about this and similar thingies? Is it hosting issue or something else? Any prevention tips?
__________________

Last edited by Ecchi22; 06-20-2009 at 01:43 AM..
Ecchi22 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-20-2009, 02:08 AM   #2
klinton
So Fucking Banned
 
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766
Clean your PC, trust me... !

I had the same situation

it gets your ftp pass and then reupload infected files
klinton is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-20-2009, 02:45 AM   #3
k0nr4d
Confirmed User
 
k0nr4d's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 9,204
I've had a few clients have a problem like this. It's a computer virus that sniffs out ftp info and either sends it off to another machine which in turn injects this code onto index.html/index.php files, or it causes your own machine to ftp in.

Run Virus scanner, Change all your ftp passwords afterwards
k0nr4d is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-20-2009, 03:11 AM   #4
Ecchi22
Too lazy to set a custom title
 
Ecchi22's Avatar
 
Industry Role:
Join Date: Nov 2005
Posts: 10,012
Thanks for your answers.. I might left over some ftp accounts, going to change their passwords too.

Anyway I'll recheck my own security too. Thanks!
__________________
Ecchi22 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-20-2009, 04:21 AM   #5
redwhiteandblue
Bollocks
 
redwhiteandblue's Avatar
 
Industry Role:
Join Date: Jun 2007
Location: Bollocks
Posts: 2,792
Quote:
Originally Posted by klinton View Post
Clean your PC, trust me... !

I had the same situation

it gets your ftp pass and then reupload infected files

Yep, I'm pretty sure I had the same. It was happening on two different servers even after changing the passwords but after I scanned my PC with Kaspersky a couple of times it stopped.
redwhiteandblue is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-20-2009, 09:49 PM   #6
bigalownz
Confirmed User
 
bigalownz's Avatar
 
Industry Role:
Join Date: Aug 2005
Location: NEW ZEALAND
Posts: 1,654
change your ftp passwords asap and then change them evey week or so
__________________
$100 free credit for all hosting needs
bigalownz is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-20-2009, 10:13 PM   #7
Robo
Just a happy man
 
Industry Role:
Join Date: Oct 2001
Location: ICQ 159948094
Posts: 10,889
...and if you want to resolve the problem for some time, chmod your index.html or index.php to 444 (no writing possible, but also for the owner).
When you'll update your index files you'll need to delete them first (or chmod again), but also any virus will not have way to come to to index files.
If your site is updated automatic, it can be a problem.
__________________

Always Paid On Time
Robo is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-20-2009, 10:37 PM   #8
harvey
Confirmed User
 
harvey's Avatar
 
Industry Role:
Join Date: Jul 2001
Location: 127.0.0.1
Posts: 9,266
I posted the solution here, check it out. We cleaned 3 PC and everybody that asked for help could clean it with no problem and the fucking thing never got back. Lots of steps, but well, you gotta do it
__________________
This post is endorsed by CIA, KGB, MI6, the Mafia, Illuminati, Kim Jong Il, Worldwide Ninjas Association, Klingon Empire and lolcats. Don't mess around with it, just accept it and embrace the truth
harvey is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
hosting, iframe, malware, trojan, virus



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.